import pyshark
from old_bak.e_post import post_data_to_elasticsearch

# Open the capture for one-pass processing. keep_packets=False tells pyshark
# not to retain packets after they are read, which keeps memory bounded on
# large captures such as flood traffic.
cap = pyshark.FileCapture(
    input_file='dos.pcap',
    keep_packets=False,
)


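def post_highest_layer(pkt):
    """Index one packet's highest protocol layer and its IPv4 endpoints.

    Builds a document holding the packet's ``highest_layer`` plus the
    ``src_host`` and ``dst_host`` fields of its ``ip`` layer, and passes it
    to ``post_data_to_elasticsearch`` with ``'pyshark'`` as the first
    argument (presumably the index name; confirm against that helper).

    Packets without an ``ip`` layer (e.g. ARP or IPv6-only frames) are
    skipped. Reading ``pkt.ip`` on such a packet raises ``AttributeError``,
    which would otherwise abort processing of the whole capture at the first
    non-IPv4 frame.

    Args:
        pkt: A pyshark packet, as passed by ``apply_on_packets``.

    Returns:
        None.
    """
    ip_layer = getattr(pkt, 'ip', None)
    if ip_layer is None:
        # NOTE(review): non-IPv4 traffic is not indexed at all, so an IPv6 or
        # ARP flood in the capture will be invisible downstream. Extend this
        # function if those protocols matter for the analysis.
        return

    # Every value below is taken verbatim from captured traffic, so anything
    # that renders or queries these fields should treat them as untrusted.
    pdict = {
        'highest_layer': pkt.highest_layer,
        'src_host': ip_layer.src_host,
        'dst_host': ip_layer.dst_host,
    }

    post_data_to_elasticsearch('pyshark', pdict)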


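# Apply the function to every packet in the capture, then close the capture
# even if a callback raises, so the underlying tshark process is not left
# running.
try:
    cap.apply_on_packets(post_highest_layer)
finally:
    cap.close()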
